Hi,
Here are the two logs.
ComboFix Log:
-------------
"sak" - 2007-07-06 6:07:10 - ComboFix 07-07-06 - Service Pack 2
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bimmsvts.dll
C:\WINDOWS\system32\dfvgrwve.dll
C:\WINDOWS\system32\fltnxjuo.dll
C:\WINDOWS\system32\lbfftmap.dll
C:\WINDOWS\system32\mrnkqcuw.dll
C:\WINDOWS\system32\ojrgbfgv.dll
C:\WINDOWS\system32\rhqukami.dll
C:\WINDOWS\system32\sffbuopd.dll
C:\WINDOWS\system32\urqomlm.dll
C:\WINDOWS\system32\urqqoml.dll
C:\WINDOWS\system32\evwrgvfd.ini
C:\WINDOWS\system32\oujxntlf.ini
C:\WINDOWS\system32\pamtffbl.ini
C:\WINDOWS\system32\wucqknrm.ini
C:\WINDOWS\system32\vgfbgrjo.ini
C:\WINDOWS\system32\dpoubffs.ini
C:\WINDOWS\system32\nqtss.bak1
C:\WINDOWS\system32\nqtss.bak2
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjjlm.tmp
C:\WINDOWS\system32\nqtss.bak1
C:\WINDOWS\system32\nqtss.bak2
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjjlm.tmp
C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\iifcaww.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\temp\iee
C:\WINDOWS\b136.exe
C:\WINDOWS\crosof~1
C:\WINDOWS\crosof~1\w?nword.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\jhpo.dll
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\version69ie7fix.dll
C:\WINDOWS\system32\wapisvsu32.exe
C:\WINDOWS\wr.txt
((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))
2007-07-06 05:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-05 04:06 630,200 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-07-05 04:06 108,392 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-07-04 22:22 <DIR> d-------- C:\hijackthis
2007-07-04 21:10 <DIR> d-------- C:\temp1
2007-07-02 18:59 <DIR> d-------- C:\DOCUME~1\SAK~1.DGJ\APPLIC~1\webex
2007-07-02 18:57 51,304 --a------ C:\WINDOWS\system32\drivers\atnt40k.sys
2007-07-02 18:56 202,314 --a------ C:\WINDOWS\system32\atasnt40.dll
2007-07-02 11:24 <DIR> d-------- C:\DOCUME~1\SAK~1.DGJ\APPLIC~1\Opera
2007-07-02 11:23 <DIR> d-------- C:\Program Files\Opera
2007-06-30 11:58 <DIR> d-------- C:\DOCUME~1\SAK~1.DGJ\APPLIC~1\Lavasoft
2007-06-30 11:48 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-30 11:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-28 12:44 <DIR> d-------- C:\DOCUME~1\SAK~1.DGJ\APPLIC~1\Corel
2007-06-26 11:17 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-06-26 11:00 99,904 --a------ C:\WINDOWS\system32\isafeif.dll
2007-06-26 11:00 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2007-06-26 11:00 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-06-26 11:00 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-06-26 11:00 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-06-26 11:00 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-06-26 11:00 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-06-26 10:58 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-06-26 10:57 2,624 --a------ C:\WINDOWS\system32\omfrbyix.exe
2007-06-26 10:57 <DIR> d-------- C:\Program Files\CA
2007-06-26 10:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-06-26 09:00 <DIR> d-------- C:\Program Files\SupportSoft
2007-06-25 21:58 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-06-25 21:51 <DIR> d-------- C:\WINDOWS\c2Fr
2007-06-25 15:18 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-25 12:23 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-06-25 12:22 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-06-24 09:11 4,672 --a------ C:\WINDOWS\system32\kjmacrft.exe
2007-06-23 21:02 <DIR> d-------- C:\Temp
2007-06-23 19:20 <DIR> d-------- C:\DOCUME~1\SAK~1.DGJ\APPLIC~1\Help
2007-06-15 08:13 786,432 --ah----- C:\DOCUME~1\LOGMEI~1\NTUSER.DAT
2007-06-15 08:13 <DIR> d-------- C:\DOCUME~1\LOGMEI~1\APPLIC~1\Symantec
2007-06-15 08:13 <DIR> d-------- C:\DOCUME~1\LOGMEI~1\APPLIC~1\Jasc Software Inc
2007-06-15 08:13 <DIR> d-------- C:\DOCUME~1\LOGMEI~1\APPLIC~1\Intel
2007-06-13 08:32 83,552 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-06-13 08:32 63,040 --a------ C:\WINDOWS\system32\LMIinit.dll
2007-06-13 08:32 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2007-06-13 08:32 26,176 --a------ C:\WINDOWS\system32\LMIport.dll
2007-06-13 08:31 <DIR> d-------- C:\Program Files\LogMeIn
2007-06-09 20:25 <DIR> d-------- C:\Program Files\Open Text
2007-06-08 19:34 <DIR> d-------- C:\DOCUME~1\SAK~1.DGJ\APPLIC~1\acccore
2007-06-08 19:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-06-08 19:32 <DIR> d-------- C:\Program Files\AIM6
2007-06-08 19:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-06-07 17:51 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-06-07 09:55 38,939 --a------ C:\WINDOWS\system32\eacfilt.dll
2007-06-07 09:55 32,837 --a------ C:\WINDOWS\system32\exthook.dll
2007-06-07 09:55 26,137 --a------ C:\WINDOWS\system32\drivers\eacfilt.sys
2007-06-07 09:55 155,152 --a------ C:\WINDOWS\system32\drivers\ipsecw2k.sys
2007-06-07 09:55 <DIR> d-------- C:\Program Files\Nortel Networks
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-05 01:07:41 -------- d-----w C:\DOCUME~1\SAK~1.DGJ\APPLIC~1\VoipBuster
2007-07-03 03:43:22 -------- d-----w C:\DOCUME~1\SAK~1.DGJ\APPLIC~1\U3
2007-07-02 02:41:34 9,264 ----a-w C:\WINDOWS\system32\msqtvcap.dat
2007-07-02 01:13:06 -------- d-----w C:\Program Files\Yahoo!
2007-06-26 15:47:56 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-26 15:45:37 -------- d-----w C:\Program Files\Symantec
2007-06-26 03:10:18 -------- d-----w C:\Program Files\Modem Helper
2007-06-24 02:36:11 -------- d-----w C:\DOCUME~1\SAK~1.DGJ\APPLIC~1\Skype
2007-06-09 19:00:51 -------- d-----w C:\DOCUME~1\SAK~1.DGJ\APPLIC~1\Real
2007-06-09 00:32:47 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-07 22:51:13 -------- d-----w C:\Program Files\Skype
2007-06-07 14:55:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-07 14:18:25 -------- d-----w C:\Program Files\Google
2007-06-07 14:11:34 -------- d-----w C:\DOCUME~1\SAK~1.DGJ\APPLIC~1\uTorrent
2007-06-06 01:42:03 -------- d-----w C:\Program Files\Common Files\NSV
2007-06-05 14:16:40 -------- d-----w C:\Program Files\SopCast
2007-05-31 18:47:06 114,448 ----a-w C:\WINDOWS\system32\drivers\KmxFw.sys
2007-05-31 18:47:04 92,432 ----a-w C:\WINDOWS\system32\drivers\KmxStart.sys
2007-05-31 18:47:04 256,784 ----a-w C:\WINDOWS\system32\UmxSbxw.dll
2007-05-31 18:47:04 126,224 ----a-w C:\WINDOWS\system32\drivers\KmxCF.sys
2007-05-31 18:47:02 117,520 ----a-w C:\WINDOWS\system32\UmxSbxExw.dll
2007-05-26 17:51:55 -------- d-----w C:\Program Files\XtenNetworksInc
2007-05-25 20:22:08 10,304 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2007-05-25 20:22:06 24,000 ----a-w C:\WINDOWS\system32\lmimirr.dll
2007-05-20 15:58:15 -------- d-----w C:\DOCUME~1\SAK~1.DGJ\APPLIC~1\SopCast
2007-05-18 19:30:00 89,096 ----a-w C:\WINDOWS\system32\drivers\KmxCfg.sys
2007-05-18 19:30:00 79,368 ----a-w C:\WINDOWS\system32\UmxWNP.dll
2007-05-18 19:30:00 63,496 ----a-w C:\WINDOWS\system32\drivers\KmxSbx.sys
2007-05-18 19:30:00 61,960 ----a-w C:\WINDOWS\system32\drivers\KmxAgent.sys
2007-05-18 19:30:00 45,064 ----a-w C:\WINDOWS\system32\drivers\KmxFile.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-13 01:14:53 -------- d-----w C:\Program Files\utorrent
2007-05-09 08:07:44 -------- d-----w C:\Program Files\MSXML 4.0
2007-05-07 03:05:16 -------- d-----w C:\DOCUME~1\SAK~1.DGJ\APPLIC~1\Feedreader
2007-05-07 03:01:59 -------- d-----w C:\Program Files\FeedReader30
2007-05-06 18:20:55 -------- d-----w C:\Program Files\eFax Messenger 4.3
2007-05-06 18:20:04 -------- d-----w C:\DOCUME~1\SAK~1.DGJ\APPLIC~1\eFax Messenger
2007-04-29 19:35:36 1,156 ----a-w C:\WINDOWS\mozver.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 01:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}]
2005-06-14 13:56 86016 --a------ C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-12-06 01:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CA4C98B-0CB0-44ED-A2A2-AAF478739B58}]
C:\WINDOWS\system32\mljjg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-05-31 10:43 2554944 -ra------ c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-05-31 10:44 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-13 15:35]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-10 15:27]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"TradeManager"="C:\PROGRA~1\Alibaba\TRADEM~1\TradeManager -hideframe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 08:50]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-06-12 12:33]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe" [2007-06-26 10:59]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-06-12 12:32]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2007-06-01 14:14]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2007-06-01 14:14]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2007-06-01 14:07]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-09 13:21]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"VoipBuster"="C:\program files\voipbuster.com\voipbuster\voipbuster.exe" [2007-07-04 20:06]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 19:43]
"eyeBeam SIP Client"="C:\Program Files\XtenNetworksInc\eyeBeam\eyeBeam.exe" [2005-05-02 10:08]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"Uaol"="C:\Program Files\Outerinfo\OuterinfoUpdate.exe" []
"Jci"="C:\WINDOWS\??crosoft\w?nword.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjg]
C:\WINDOWS\system32\mljjg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
"C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51fbe5a8-e6c6-11db-86f3-00038a000015}]
AutoRun\command- E:\LaunchU3.exe -a
Contents of the 'Scheduled Tasks' folder
2007-06-26 16:59:58 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as sak at 10 59 AM.job
2007-07-06 12

00 C:\WINDOWS\tasks\Symantec NetDetect.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-07-06 06:57:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-06 7:11:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-06 07:10
--- E O F ---
HJT:
----
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:13:30 AM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Alibaba\TRADEM~1\TradeManager.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\voipbuster.com\voipbuster\voipbuster.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\notepad.exe
C:\hijackthis\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://securityresponse.symantec.com.../fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9CA4C98B-0CB0-44ED-A2A2-AAF478739B58} - C:\WINDOWS\system32\mljjg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [TradeManager] C:\PROGRA~1\Alibaba\TRADEM~1\TradeManager -hideframe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\XtenNetworksInc\eyeBeam\eyeBeam.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Uaol] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe" -vt yazb
O4 - HKCU\..\Run: [Jci] C:\WINDOWS\??crosoft\w?nword.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsu...?1178594264125
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) -
http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) -
http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink Edit Control) -
http://cdnlive.ca.nortel.com/livelin...exp/lledit.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: mljjg - C:\WINDOWS\system32\mljjg.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13323 bytes